Yetiforce

yetiforce

18 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Yetiforce Customer Relationship Management

yetiforce_customer_relationship_management

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49508 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Feb 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php comp...Show more Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.Show less
CVE-2022-3002 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Oct 6, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3005 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Sep 20, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3004 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Sep 20, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-3000 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Sep 20, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2924 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Sep 20, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3.
CVE-2022-2829 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Aug 23, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2890 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Aug 22, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1340 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Aug 22, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2885 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Aug 21, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1411 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 May 5, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data...Show more Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover.Show less
CVE-2022-0269 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Jan 24, 2022 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.
CVE-2021-4121 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 16, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4117 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 15, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4116 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 15, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4111 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 15, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 yetiforcecrm is vulnerable to Business Logic Errors
CVE-2021-4107 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4092 1Yetiforce 1Yetiforce Customer Relationship Management Jun 17, 2026 Dec 11, 2021 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)